The job below is no longer available.

About this job

H-E-B is a leading innovator in technology, and our Information Solutions Partners collaborate to design, construct, implement, and support technology solutions to help make us the Greatest Retailing Company.

As a Senior Information Security Analyst, you will work with key H-E-B information system personnel to architect secure critical infrastructure solutions and services. Responsibilities include designing security solutions in accordance with industry-standard architecture frameworks and coordinating enterprise-wide security programs to meet regulatory compliance.

Do you have a:

HEAD FOR BUSINESS - the willingness to maintain / gain new technical knowledge?

HEART FOR PEOPLE - the ability to present complex technical and security-related info so it's easily understood by many?

PASSION FOR RESULTS - the ability to advise on development / acquisition projects to ensure the best security-related outcomes?

RESPONSIBILITIES INCLUDE:

Management:

  • Develops security configuration and operations standards for security systems and applications to include policy assessment and compliance tools, network security appliances, and host-based security systems.

  • Recommends, develops, implements, trains on, and interprets Info Security control patterns, designs, procedures, policies, guidelines, and standards, including the IS awareness program.

  • Collaborates with business leaders to develop solutions that balance security and business needs.

  • Generates and maintains administrative documentation, such as architecture diagrams, admin manuals, and operational procedures and processes.

  • Assists Project Manager in developing project plans, specifying goals, identification of risks, contingency plans, and allotment of resources for each phase of the project.

  • Monitors and drives project results against technical specifications.

Security / Administration:

  • Performs security administration services for enterprise security systems including but not limited to: Public Key Infrastructure (PKI) and certificate management, Key Management Systems (KMS), Security Information and Event Management (SIEM), Identity and Access Management, Web content filtering, Vulnerability Scanners, Static and Dynamic Code Analysis.

  • Responds to information security requests, incidents, and trouble tickets according to a defined SLA.

  • Participates in an on-call rotation for information security and resolves service outages within SLA.

  • Conducts periodic security testing of controls (penetration tests, vulnerability analysis, etc.)

  • Leads incident response teams, including performing forensic / investigation services.

  • Participates in disaster recovery and business continuity efforts.

  • Develops security processes and procedures. Supports service-level agreements (SLAs) to ensure that security controls are managed and maintained.

  • Plays an advisory role in application development or acquisition projects to assess security requirements and controls, and to ensure that security controls are implemented as planned.

  • Reports to H-E-B management concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.

  • Works with information security leadership to develop strategies and plans to enforce security requirements and address identified risks.

  • Maintains job knowledge by participating in educational opportunities, reading professional publications, maintaining personal networks, and participating in professional organizations

Analytics:

  • Serves as primary individual responsible for execution of risk assessment activities, analyzing the results of audits (performed by other groups) to produce recommendations of acceptable risk and risk mitigation strategies.

  • Provides monthly, quarterly, and ad-hoc strategic and operational risk reporting and analytics for trending, risk assessment, compliance, and active exception reporting.

  • Determines security requirements by evaluating business strategies and requirements; researches information security standards; conducts system security and vulnerability analyses and risk assessments.

  • Researches, evaluates, and recommends information security-related hardware and software, including developing business cases for security investments.

  • Develops solutions by analyzing information requirements, determining systems architecture, components, and technologies, and by studying business operations and user-interface requirements.

Auditing / Compliance:

  • Manages and coordinates internal and external audits, including but not limited to PCI DSS and HIPAA.

  • Performs physical site assessments of business partners, provides peer review of work product and deliverables; executes release of information analysis to third-party business partners.

PREFERRED EDUCATION AND EXPERIENCE:

  • Bachelor's degree or 5 years relevant work experience.

  • 5 years of experience working full-time as an Information Security Professional.

  • At least one professional security certification such as CISSP, CISA, CEH, applicable SANS programs. Other industry certifications (e.g., Cisco, Microsoft, VMware) preferred.

  • Technical expertise in systems administration and security tools.

  • Experience with scripting languages or code development for task automation such as Python, Perl, Bash, PHP, JavaScript, and PowerShell.

  • Experience securing UNIX, Linux, and Windows

  • Experience securing Web Application Servers such as Apache, Tomcat, and Microsoft IIS

  • Experience securing various database technologies

  • Experience developing information security standardized configuration guides and procedures.

  • Experience performing vulnerability assessments and penetration tests using automated and manual methodologies against infrastructure and applications.

  • Experience with ticketing systems, to include understanding workflow, ticket routing, and resolution documentation.

  • Experience configuring, deploying, and monitoring enterprise security tools.

  • Experience with threat model development / management.

  • Experience with project management and creating / managing project plans, budgets, and resource allocation.

  • Knowledge of DevOps (CI/CD Processes) and basic automation tools

  • Working knowledge of TCP/IP and networking technologies

Preferred Key Competencies

  • Familiarity with security and risk management frameworks and auditing principles.

  • Familiarity with business continuity and disaster recovery process, procedures, testing.

  • Familiarity with retail environments.

  • Ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff.

  • Collaborates with business and IS teams to ensure solutions are aligned to H-E-B's security posture.

  • Ability to influence others.

  • Service-oriented.

Physical and Other Requirements

  • Function in a fast-paced, retail, office environment.

  • Travel by car or airplane with overnight stays.

  • Sit for extended periods of time.

  • Work extended hours, nights, weekends, and shift work.